Tor Relay on Raspberry Pi 2 & 3

24,810

183

17

I'm creating this Instructable because I'm tired of seeing so many outdated guides on how to setup a Tor Relay on a Raspberry Pi 2... 95% of the guides I found led to installing some out of date bundle of Tor (0.2.5.x) instead of the current (0.2.7.x).

Step 1: Parts Needed

You need the following parts:

  • Raspberry Pi 2
  • Power supply
  • Network cable/connection to the Internet
  • Micro SD card with Raspbian (you can find all necessary installation instructions here:http://www.raspbian.org/RaspbianInstaller)

Step 2: Getting Started

In your terminal type:

sudo raspi-config

Now you are going to go to option 1 and expand your usable space on your micro sd card from 2 gigs to the actual size of your card.

Next, again:

sudo raspi-config

Now you are going to option 2 to change the password of your Pi from "raspberry" to something secure.

Step 3: Add a User

In your terminal type:

sudo adduser tor

[enter]

Enter a secure password!

[enter]

Enter the password again

[enter]

sudo nano /etc/sudoers

[enter]

Add the following line at the bottom of the page:

torALL=(ALL) ALL

Step 4: Updates

Before we get started with updates for the Pi, let add the Tor Projects package repository.

In your terminal type:

sudo nano /etc/apt/sources.list

and this to the bottom of the list:

deb http://deb.torproject.org/torproject.org jessie main

Now in your terminal run:

sudo apt-get update
sudo apt-get upgrade

Step 5: Add the Tor Projects GPG Keys

In your terminal run:

gpg --keyserver keys.gnupg.net --recv 886DDD89

Then run:

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

GPG Key source for verification: https://www.torproject.org/docs/debian.html.en

Step 6: Install Tor

In your terminal run:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install tor deb.torproject.org-keyring
sudo apt-get install tor

(This will take a long time so be patient)

Step 7: Configure Tor

In your terminal enter:

sudo nano /etc/tor/torrc

Highlight everything (Mac = Command + A) and replace it with the config below:

SocksPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
ORPort 443
DirPort 80
ExitPolicy reject *:*
Nickname TypeYourNicknameHere
##Remove the # before RelayBandwidthRate & RelayBandwidthBurst to throttle bandwidth speed.
#RelayBandwidthRate 1024 KB  # Throttle traffic to 1024KB/s 
#RelayBandwidthBurst 2048KB # But allow bursts up to 200KB/s 
##optional
#ContactInfo TypeYourEmailHere
DisableDebuggerAttachment 0

Control + x to close / save the file.

In terminal enter:

sudo /etc/init.d/tor restart

Step 8: Install ARM (Tor Graphical Controller)

In terminal type:

sudo apt-get install tor-arm

Then to launch ARM type:

sudo -u debian-tor arm

Step 9: Secure Ports:

Next in your terminal enter:

sudo nano /etc/iptables/rules.v4

Now copy and paste this above the word "commit"

##  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
      
## allow incoming SSH      
-A INPUT -p tcp --dport 22 -j ACCEPT
## allow Tor ORPort, DirPort        
-A INPUT -p tcp --dport 433 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT

## ratelimit ICMP echo, allow all others
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -j ACCEPT

## to log denied packets uncomment this line (I uncommented it for you).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP

If you have any questions, feel free to post a comment and I'll respond as soon as I can!

Share

    Recommendations

    • Planter Challenge

      Planter Challenge
    • Growing Beyond Earth Maker Contest

      Growing Beyond Earth Maker Contest
    • Sew Tough Challenge

      Sew Tough Challenge

    17 Discussions

    0
    None
    awilson75

    3 years ago

    To help fund new Tor Exit Relays in the US please donate to 1NuscuwCVgFpfYCindAgyMH3CHdDjcJb3M

    0
    None
    MeekaJ1

    Question 6 months ago

    Will this work on a Raspberry Pi 3B+?

    0
    None
    PierreC7

    Tip 1 year ago on Step 9

    I installed this on Raspian stretch. When at step 3 when I entered: sudo nano /etc/sudoers and added the last lines as shown, when sudoers file was saved the system became corrupted. So I started over again and did a sudo su command before the

    sudo nano /etc/sudoers command then added the following last line instead to sudoers file:

    tor ALL=(ALL:ALL) ALL

    Then: At the sudo nano /etc/apt/sources.list

    I added the following line instead (changing jessie to stretch)

    deb http://deb.torproject.org/torproject.org stretch main

    Then: before STEP 9: Secure Ports steps

    I did this cmd: mkdir /etc/iptables (seems there was no iptable directory)

    then followed the rest of the instructable.

    0
    None
    g6nhu

    Tip 1 year ago on Step 9

    You need to install iptables-persistant first:
    sudo apt-get install iptables-persistent

    0
    None
    psilo911

    2 years ago

    Thanks for this, do you have any recommendations on a good VPN to use with this? or is there a way to turn my RPI 2 into a VPN Server? is it needed with linux? self taught here. i know enough to get me in trouble lol

    0
    None
    redcarpet

    3 years ago

    *** PLEASE PLEASE PLEASE - ADMIN PLEASE READ THIS ***

    IN STEP 3 - it says to edit the sudoers file - this MUST NOT be done in ( ubuntu based linux editions ) with the suggested program NANO as it can definitely corrupt the sudoers file and nobody will be then allowed to use SUDO. The correct program to run is "VISUDO" . The procedure specifies in step three corrupted mine and was very difficult to put back.

    *** PLEASE AMEND THIS ***

    0
    None
    Stuxx_

    3 years ago

    I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??

    0
    None
    Stuxx_

    3 years ago

    I tried step 9 but my pi threw me an error that the file or path does not exist ,i also navigated to the file and tried to get the folder iptables and its not there. Any solutions ??

    0
    None
    GlennL1

    3 years ago

    do i need Raspberry Pi 2? or does the first one work to?

    3 replies
    0
    None
    awilson75GlennL1

    Reply 3 years ago

    My understanding is it has to be the Raspberry Pi 2, because of the Debian armhf port.

    0
    None
    GlennL1awilson75

    Reply 3 years ago

    ok..time to get the new one then..

    0
    None
    awilson75GlennL1

    Reply 3 years ago

    The Raspberry Pi 3 is for sale now (as of 2/29/16)!

    0
    None
    Zanninbaecker03

    Reply 3 years ago

    Tor is a special internet browser that allows you to view the web anonumasly and access the Darkweb.